The time is finally here for us to make the transition to client-server architecture in Anahita. We have been busy working on the nohtml branch of Anahita that sends back JSON responses by default. We have removed all the code that generates HTML layouts and user interfaces, and the codebase is nearly 50% smaller, and you will notice a significant speed boost, too. Once we merge the "nohtml" branch, we will tag it as the Anahita Server 4.6 release.
We have also been developing an Anahita React app. You can either fork and customize this app or use it as a reference for developing client-side Anahita applications for web, mobile, or desktop computers.
We will update the Anahitapolis website using our current codebase in the upcoming weeks. Then, we will continue to refine the codebase towards a stable release. There will be interruptions in the service because this is a significant upgrade. We appreciate your patience!
A common form of attacks in applications that allow file upload is when you enable unrestricted file upload without checking the file type against a restricted list of mime-types in your back-end code.
In the Anahita default installation, the only file uploads happen when a user uploads an avatar, cover image, or photo. In all cases, only certain mime types are allowed. If you are developing custom applications for Anahita that enable file uploads for videos, sound files, or documents, you MUST check the file type in your back-end code and allow only a specific list of mime-types.
Otherwise, someone could try uploading a PHP shell file that exposes critical information about your server.
Another important tip is to use AWS S3 for storing your uploaded files. The storage is much cheaper, and the performance is much better, but a PHP shell file cannot execute in an AWS S3 bucket. Anahita, by default, stores the uploaded files in the assets directory in the root of Anahita. Use that o...
We tagged the 4.5.0 release yesterday. What's significant about this release is the improved JSON REST APIs for essential operations such as signup, authentication, password recovery, Actor profile settings, and Site Settings.
As you know, Anahita has been moving towards a Client-Server architecture. We are developing a client-side React application for Anahita. We are already using stable variations of this app in public and private platforms that we have implemented for our clients. We are also developing an open-source version of the Anahita React app for our community.
If you are using the code in the master branch, do a git pull to obtain the latest code. If you are using a stable version of the Anahita, go straight to typing the following commands in the root of your Anahita installations:
$ composer update
$ php anahita site:configuration
Then using vim or an editor of your choice, edit the configuration.php file in the www directory, and set:
var $client_domain = "...
Until now, site configurations didn't have a JSON view for Browse and Read methods, and that made it impossible to manage site configurations from a client app.
We added those JSON views in the site settings component, and the code is in the master branch. We are still refining the output as we are developing the UX and UI in the Anahita React app, so we appreciate your patience until we tag a new release. On the other hand, you can build site management workflows in your clientside apps for mobile, desktop, and web.
This update contains some critical security updates, so we advise you to update your Anahita installations. We have also improved the overall security of the Anahita domain entities.
For those of you who have custom Anahita apps on your system, you may need to update them. Here are the changes that you need to make:
We are now supporting Amazon S3 Regions. When you upgrade your installation, go to Settings Plugins Storage Amazon S3 and select the Region for your AWS S3 bucket.
We are also using 2 Google API keys for Geolocation and Google Maps APIs. That is because Anahita does geolocation on the server-side while the maps pass the key on the client-side. You can technically reuse the same key for both services, but you may want to use two different keys with different constraints. Go to Settings Apps Locations and update the keys.
How to update
Go to the root of your Anahita installation and run the following commands:
$ composer upd...
Just a heads up that the LinkedIn OAuth is no longer working because we need to update it for OAuth 2.
We also want to move away from the facebook clone type consumer social networks and customize Anahita for knowledge sharing and open science applications. Therefore, we want to add support for additional providers such as Google, GitHub, and GitLab. The development will take some time, but it will be perfect for Anahita.
Ideally, we would want to have the Anahita Connect app to be both a consumer and provider of OAuth service. We can not only authenticate Anahita users against external services such as Google or Github but also turn Anahita itself into an OAuth provider.
We may decide to remove support for Facebook for several reasons. For example, Facebook is very much a consumer service and not being used professionally in the science and education world. They also have a poor track record in terms of privacy and data collection.
We just tagged this release on Github. It doesn't provide any new features, but some significant changes in the core framework has happened that are essential for those of you who are building custom applications for Anahita.
We have merged all the parts that we were using from the legacy Nooku and Koowa frameworks and removed most of the unused code. This has made the Anahita framework API consistent everywhere. So basically:
I started an article reflecting on Anahita's history and goals. It was supposed to be just a paragraph, but it grew to become an independent blog post. Apparently, I like to ramble on when it gets to talking about Anahita. You can find the published article here:
TL;DR after building a learning management system for an old-school education company, I was inspired to build a more democratic and distributed online learning and knowledge sharing platform. I left my job, focused on my new company, grew a team, got down to coding. At the time we thought social networking was the solution to all humanity's ailments, but then alternative facts, click-bait content, and extremist ideas started spreading around on mega giant social media. After some reflection, we decided to focus on building tools for open science and data. Our goal is to make Anahita the lightest viable unit required to set up a knowledge sharing and collaboration platform. We want brutal minimali...
This is a maintenance release that fixes the issue with video player styling and comes with some refactored code as well.
to get the update run the following command in the root of your Anahita directory:
$ composer update
If you had any questions, please start a topic in the Tribe Support group: https://www.getanahita.com/groups/107732-tribe-support
This is a maintenance release with a number of fixes in RESTful APIs, OAuth for Twitter and facebook, and a number of improvements and cleanups in the core library. The only new features that we've added is in the Articles app. You can now upload a cover for a published article. You can see the change log for more details:
IMPORTANT NOTE: make a backup of your database before upgrading so if things went wrong, you would be able to recover.
Now run the following command in the root of your Anahita installation:
$ composer update
then run the database migration:
$ php anahita db:migrate:up
that should do it.
If you are using the master branch, you need to pull the code and then run the database migration.
Please post your questions in the Support Group and we'll be happy to help you: https://www.getanahita.com/groups/107732-tribe-support
We made a small but significant change in the Anahita installation workflow. We added a site:signup command to the CLI tool so you can create the first account from the command line.
Signing up from the user interface signup form will set the user type to registered by default.
We first implemented this feature for our upcoming 4.6.0 release in the nohtml branch, but we decided to give you this feature in the 4.5.2 release because it will make your life a bit easier.
Years ago, when I used to be in the Joomla team as a development group member, I came across a Joomla-powered website launched by the Iranian government to dox people who participated in the green movement protests against the theocratic regime. I remember how sick I felt in the stomach and how appalled I was. Here I was volunteering my programming skills and code for a good cause only to see some of the worst people in the world use our code for despicable purposes. That's when I learned a lesson about the dark side of open-source software; that everyone, even the bad guys, can download and use it.
After launching the Anahita project and community, I figured that it would only be a matter of time for the wrong people to start using our code. This week, I was saddened to find out that at least one Anahita installation out there has been spreading misinformation and conspiracy theories as a "Free Speech" platform. Fortunately, their site is currently down.
During the last year, many ma...
We have just tagged the 4.4.4 Birth release. This version comes with improved REST API for Site Settings and Actor Settings. We have also fixed several bugs.
We have been busy working on the Anahita React app and, through this process, improving the REST APIs in Anahita.
If your installation is from the master branch:
$ git pull
$ php anahita db:migrate:up
else, if your installation is from the latest stable release:
$ composer update
$ php anahita db:migrate:up
If you have any issues through the upgrade, please start a topic in the Tribe Support group so we can help you out: https://www.getanahita.com/groups/107732-tribe-support
Anahita 4.4.1 Birth release provides several security fixes and enhancement. For those of you who are developing custom apps for Anahita, you need to be aware of these changes.
The REST endpoint for signing up a new person is now a POST request to https://www.yourdomain.com/people/signup.json
We have improved field validation in Anahita entities, and you can enforce minimum, and maximum length constrains to an entity attribute. To follow a convention, we are using the numbers: 3-30, 8-80, 10-100, 1,000, 5,000, and 40,000. Here is an example of how to use limit constrains in the Person entity:
In the component or plugin configuration files, we used to use the term default for the selected item in a list. We are now using the term selected, which is more appropriate for lists....
People have asked us about how to scale up Anahita for hundreds of thousands or more users, also about a micro-services version of Anahita. No cloud application can by default scale up to a large number of users. Traditionally, Software-as-a-service or SAAS projects achieved this by throwing hardware and computing power at their production server. Today they use a dev-ops and release engineering infrastructure.
Two common technologies that we can use today are Docker and Kubernetes. Docker allows us to run Anahita, MySql Database, and other parts of a setup in individual containers. A group of Docker containers that communicate with each other is a cluster of containers. At the moment, Anahita is a monolith application. We want to move towards a micro-services architecture. In this article, I want to outline the first few changes that could make this leap happen.
Moving towards a client-services archite...
We just reached an important milestone for Anahita. All the Nooku Koowa code which was being used are merged with the Anahita framework and most of the unused code has been removed.
Our framework is now nice and consistent and no more confusions between "K" and "An" prefixes as well as "koowa" and "anahita" identifiers. Now all the class prefixes are "An" and wherever we had "koowa" it is "anahita".
This release will be tagged version 4.4 because all your custom apps need to be updated to accommodate the recent changes.
Our special thanks to the Nooku team for we couldn't have made it this far without their framework.
Now while we're at it, could you please test installing from the master branch and let me know if everything is working properly? Thank you!
It's been a while since I've written about the direction to which the Anahita project is heading towards. A lot of research and silent development has been happening during the last year with a focus on maintaining the existing codebase while planning the upcoming releases.
The idea of Anahita came to me over a decade ago when I was working as the lead architect of a software project to develop a Learning Management System for K12. The system we built closely resembled the traditional education model. After we launched and used the system for a while with a large number of schools in the US and Canada, I went through the survey results. The responses indicated that we've been enforcing an archaic education model via technologically challenged administrators and teachers to students who had the least power and most technical aptitude within that environment. During the same time, I was involved with an open source project called Joomla. Collaboration with other open source developers ...
This is a maintenance release that addresses a number of issues in php 7.2.8 and MySql 5.7. You will also notice a slight speed boost and new video player in the posts. To update, simply run the following command in the root of your Anahita installation:
$ composer update
If you have experienced any issues, please start a topic in the Anahita Tribe Support group: https://www.getanahita.com/groups/107732-tribe-support
My special thanks to Nick Swinford @nicholasjohn16 for testing, reporting, and providing patches.